Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security Issues

Re: Security Issues

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Fri, 17 Oct 2003 11:32:49 +0100
Message-ID: <U7yZUABRV8j$Ew8h@peterfinnigan.demon.co.uk>

Hi Kalle,

Encryption is an option, but protecting your data against DBAs is probably impossible. Even if you encrypt the secret data, it has to be decrypted to be read and maintained by the application; someone has to have access to the keys used "at some point". Someone somewhere in the chain of command has to be trusted. There are secure ways of managing keys using products such as the Thales RG7100 HSM or Eracom CSA8000. Also check out Jared Still's page http://www.cybcon.com/~jkstill/util/encryption/encryption.html about encryption. Also search www.fatcity.com for the ORACLE-L list and find a recent posting by Craig Munday about encryption and key protection.

The backups should not be kept locally on the machine (you might have a problem with "quickly as possible" though) and should be encrypted - choose any file encryption method! Tape management should be thought out so that backup tapes cannot be socially engineered from wherever they are stored.

You should consider auditing very carefully and monitor access and controls and use of system privileges (also protect the audit trail). You could consider limiting security access by the DBAs using a custom designed role and not the DBA role, but I think you are heading down the wrong path with that one - the problem would be that it is difficult to limit privileges whilst still allowing the DBAs you employ to function effectively. You should consider label security based on VPD on your secure data. Also consider fine grained auditing.

There are many papers about security and Oracle on my website at http://www.petefinnigan.com/orasec.htm - some of which may be useful to you.

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Fri Oct 17 2003 - 05:32:49 CDT
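
The auditing advice in the message above (audit use of system privileges, protect the audit trail, fine-grained auditing on the secure data), sketched as an added example that is not part of the original post. The schema `APP`, table `CUSTOMER_SECRETS`, column `CARD_NO` and policy name `FGA_CARD_NO_READ` are hypothetical, and the instance is assumed to run with `audit_trail = DB` and `audit_sys_operations = TRUE`.

```sql
-- Added example; APP.CUSTOMER_SECRETS, CARD_NO and FGA_CARD_NO_READ are
-- hypothetical names. Assumed init parameters (set in init.ora/spfile):
--   audit_trail          = DB    -- standard audit records go to SYS.AUD$
--   audit_sys_operations = TRUE  -- SYSDBA/SYSOPER actions go to OS audit files
-- (audit_trail = OS is the alternative: all standard audit records are
--  written to OS files instead of SYS.AUD$.)

-- 1. Audit use of powerful system privileges, one record per use.
AUDIT SELECT ANY TABLE    BY ACCESS;
AUDIT ALTER SYSTEM        BY ACCESS;
AUDIT GRANT ANY PRIVILEGE BY ACCESS;
AUDIT GRANT ANY ROLE      BY ACCESS;
AUDIT SYSTEM AUDIT        BY ACCESS;  -- AUDIT / NOAUDIT statements themselves

-- 2. Protect the audit trail: record any change made to the audit table.
AUDIT INSERT, UPDATE, DELETE ON SYS.AUD$ BY ACCESS;

-- 3. Fine-grained auditing: log every query that touches the sensitive
--    column, whoever runs it (a NULL condition means "all rows").
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'CUSTOMER_SECRETS',
    policy_name     => 'FGA_CARD_NO_READ',
    audit_condition => NULL,
    audit_column    => 'CARD_NO',
    enable          => TRUE);
END;
/

-- 4. Review: who read the sensitive column, and with what statement.
SELECT db_user, os_user, timestamp, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'FGA_CARD_NO_READ'
 ORDER BY timestamp;

-- 5. Review: which system privileges were exercised, and by whom.
SELECT username, os_username, priv_used, action_name, timestamp
  FROM dba_audit_trail
 WHERE priv_used IS NOT NULL
 ORDER BY timestamp;
```

Audit records only help if someone other than the audited DBAs reviews them, which is the trust point the message makes about keys as well.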
